Solved: Re: No SNMP queries possible from ISE V 3.3 to the device

Simon-ITK · ‎09-19-2025

The SNMP query for devices is not working on my Cisco ISE version 3.3 via VM single license. Cisco ISE does not send any snmp requests. What could be the reason for this? SNMP is enabled on the device setup with the correct version 2c and the correct password. ISE is also entered for SNMP queries on the target device. I can see that no SNMP queries are coming through the upstream firewall, nor is anything being queried via SNMP on the target device (debug).

SNMP Querry is also active under Deployment. The EndPoint attribute filter is set under Profiler settings.
What else could be the reason?

balaji.bandi · ‎09-19-2025

is this issue only with ISE doing query with SNMP fails, can you check out of the box is the device SNMP query works ?

You can also configure on ISE NMAP probe and check.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_integration.html#reference_4D603ADC9DCF45F88982448A99D8EA89

Ping ISP to device and device to ISE and also run debug on switch see SNMP packets. ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

ahollifield · ‎09-19-2025

Does ISE have reachability to the NAD? Does the NAD have active authentications coming in? Why only one ISE node?

View solution in original post

balaji.bandi · ‎09-19-2025

is this issue only with ISE doing query with SNMP fails, can you check out of the box is the device SNMP query works ?

You can also configure on ISE NMAP probe and check.

https://www.cisco.com/c/en/us/td/docs/security/ise/3-3/admin_guide/b_ise_admin_3_3/b_ISE_admin_33_integration.html#reference_4D603ADC9DCF45F88982448A99D8EA89

Ping ISP to device and device to ISE and also run debug on switch see SNMP packets. ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Simon-ITK · ‎09-21-2025

I need to back up a bit to explain. I have this problem on an ISE test installation on a VM. Due to queue drop messages on this ISE, we increased the main memory and cores in the VM. After that, the network interfaces were obviously configured differently. I hadn't considered that. That's why your suggestion to check whether the device is accessible was the right approach. That's how I discovered the new network assignment. However, the devices are now accessible and are also queried cyclically via SNMP, but I cannot query them via Context Visibility via SNMP. The error ‘Device not accessible’ continues to appear there. Any idea what else might be missing?

Translated with DeepL.com (free version)

ahollifield · ‎09-19-2025

Does ISE have reachability to the NAD? Does the NAD have active authentications coming in? Why only one ISE node?

Simon-ITK · ‎09-21-2025

I need to back up a bit to explain. I have this problem on an ISE test installation on a VM. That's why it's only an ISE. Due to queue drop messages on this ISE, we increased the main memory and cores in the VM. After that, the network interfaces were obviously configured differently. I hadn't considered that. That's why your suggestion to check whether the device is accessible was the right approach. I discovered this with the new network assignment. However, the devices are now accessible and are also queried cyclically via SNMP, but I cannot query them via Context Visibility via SNMP. The error ‘Device not accessible’ continues to appear there. Any idea what else might be missing?